Use strict prototypes, when they don't introduce more warnings than they fix.
Also localify a few functions.

Remove unused variables.

branches: 1.39.26;
From Alexander Sbitnev <alexander.sbitnev@gmail.com>: fix admin port
establish-sa for tunnel mode SAs.

branches: 1.38.4; 1.38.8; 1.38.14;
Use separate SA addresses for phase2's created by admin command. The
phase2 startup overwrites src/dst with ISAKMP ports if they are zero
and we don't want that to happen for the SA ports.

isakmp_post_acquire is now called from admin commands too, add a flag so
admin commands can be used to establish even passive links on demand.

Extern admin protocol to allow reply packets to exceed 64kb. E.g SA dumps
with many established SAs can be easily over the limit.

Introduce priorities for file descriptor polling mechanism and give
priority to admin port. If admin port is used by ISAKMP-SA hook scripts
they should be preferred, other wise heavy traffic can delay admin port
requests considerably. This in turn may cause renegotiation loop for
ISAKMP-SA. This is mostly useful for OpenNHRP setup, but can benefit
other setups too.

Remove initial-contact entry when all ISAKMP-SA are purged via adminport.
This will avoid stale security associations if some of the delete
notifications happens to get lost.

get the correct length of username when processing ADMIN_LOGOUT_USER, patch by rweikusat (at) mssgmbh.com

When rekeying phase2 use phase1 used to negotiate phase2 as a hint to
select the phase1 for rekeying the new phase2.

Get rid of the evil CMPSADDR macro. Trac #295.

Originally from Bin Li: Fix a crash with racoonctl logout user.

Support multiple anonymous remotes and decide remoteconf based on identity,
received certificates and other information. General code clean up.

branches: 1.28.2;
Remove "fastquit" configure option and make it the default behaviour. The
previous normal behaviour is buggy, as after flush kernel can immediately
create larval SA:s which would prevent exit.

rewrite local address detection
make some functions static that arr not needed globally
rework how fd_set is construction for the main loop select()

branches: 1.26.4;
Implement ISAKMP SA rekeying configurable with rekey {on|off|force} option
in remote conf.

Eliminate gcc-specific feature of unnamed structures added recently.

Add an admin port command to retrieve the peer certificate. Submitted by Timo Teras.

Set sockets to be closed on exec to avoid potential file descriptor inheritance issues. Submitted by Timo Teras.

Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.

Admin port code cleanup. No functional changes. Submitted by Timo Teras.

branches: 1.20.4;
Add the ability to initiate IPsec SA negotiations using the admin socket.
Submitted by Timo Teras.

Refactor admin socket event protocol to be less error prone. Backwards compatibility is provided. Submitted by Timo Teras.

branches: 1.18.4; 1.18.8; 1.18.10;
use a single PATH_IPSEC_H to fix some path_to_ipsec.h issues

branches: 1.17.2; 1.17.4; 1.17.6;
fix endianness issue introduced yesterday

Fix memory leak (Coverity 2002)

Fix memory leak (Coverity 2001), refactor the code to use port get/set
functions

Avoid reusing free'd pointer (Coverity 4200)

Do not free id and key, as they are used later

Remove dead code (Coverity)

Fix memory leak (Coverity)

One more memory leak

Fix memory leak in racoonctl (coverity)

Migration of ipsec-tools to NetBSD CVS part 2: resolving the import conflicts.
Since we previously had a release branch and we import here the HEAD of CVS,
let's assume all local changes are to be dumped. Local patches should have
been propagated upstream, anyway.

Merge ipsec-tools 0.6.3 import

Update to ipsec-tools 0.6.1

Resolve conflicts caused by recent ipsec-tools-0.6.1rc1 import by prefering
the newer software. Some useful local change might have been overwritten,
we'll take care of this soon.

Don't use adminport when it is disabled

More NAT-T fixes for the situation where racoon acts as a VPN client
Flush SA and generated SP on DPD timeout and deletion payloads

all SA -> all SAs.

branches: 1.1.1;
Initial revision

From Alexander Sbitnev <alexander.sbitnev@gmail.com>: fix admin port
establish-sa for tunnel mode SAs.

branches: 1.38.4; 1.38.8; 1.38.14;
Use separate SA addresses for phase2's created by admin command. The
phase2 startup overwrites src/dst with ISAKMP ports if they are zero
and we don't want that to happen for the SA ports.

isakmp_post_acquire is now called from admin commands too, add a flag so
admin commands can be used to establish even passive links on demand.

Extern admin protocol to allow reply packets to exceed 64kb. E.g SA dumps
with many established SAs can be easily over the limit.

Introduce priorities for file descriptor polling mechanism and give
priority to admin port. If admin port is used by ISAKMP-SA hook scripts
they should be preferred, other wise heavy traffic can delay admin port
requests considerably. This in turn may cause renegotiation loop for
ISAKMP-SA. This is mostly useful for OpenNHRP setup, but can benefit
other setups too.

Remove initial-contact entry when all ISAKMP-SA are purged via adminport.
This will avoid stale security associations if some of the delete
notifications happens to get lost.

get the correct length of username when processing ADMIN_LOGOUT_USER, patch by rweikusat (at) mssgmbh.com

When rekeying phase2 use phase1 used to negotiate phase2 as a hint to
select the phase1 for rekeying the new phase2.

Get rid of the evil CMPSADDR macro. Trac #295.

Originally from Bin Li: Fix a crash with racoonctl logout user.

Support multiple anonymous remotes and decide remoteconf based on identity,
received certificates and other information. General code clean up.

branches: 1.28.2;
Remove "fastquit" configure option and make it the default behaviour. The
previous normal behaviour is buggy, as after flush kernel can immediately
create larval SA:s which would prevent exit.

rewrite local address detection
make some functions static that arr not needed globally
rework how fd_set is construction for the main loop select()

branches: 1.26.4;
Implement ISAKMP SA rekeying configurable with rekey {on|off|force} option
in remote conf.

Eliminate gcc-specific feature of unnamed structures added recently.

Add an admin port command to retrieve the peer certificate. Submitted by Timo Teras.

Set sockets to be closed on exec to avoid potential file descriptor inheritance issues. Submitted by Timo Teras.

Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.

Admin port code cleanup. No functional changes. Submitted by Timo Teras.

branches: 1.20.4;
Add the ability to initiate IPsec SA negotiations using the admin socket.
Submitted by Timo Teras.

Refactor admin socket event protocol to be less error prone. Backwards compatibility is provided. Submitted by Timo Teras.

branches: 1.18.4; 1.18.8; 1.18.10;
use a single PATH_IPSEC_H to fix some path_to_ipsec.h issues

branches: 1.17.2; 1.17.4; 1.17.6;
fix endianness issue introduced yesterday

Fix memory leak (Coverity 2002)

Fix memory leak (Coverity 2001), refactor the code to use port get/set
functions

Avoid reusing free'd pointer (Coverity 4200)

Do not free id and key, as they are used later

Remove dead code (Coverity)

Fix memory leak (Coverity)

One more memory leak

Fix memory leak in racoonctl (coverity)

Migration of ipsec-tools to NetBSD CVS part 2: resolving the import conflicts.
Since we previously had a release branch and we import here the HEAD of CVS,
let's assume all local changes are to be dumped. Local patches should have
been propagated upstream, anyway.

Merge ipsec-tools 0.6.3 import

Update to ipsec-tools 0.6.1

Resolve conflicts caused by recent ipsec-tools-0.6.1rc1 import by prefering
the newer software. Some useful local change might have been overwritten,
we'll take care of this soon.

Don't use adminport when it is disabled

More NAT-T fixes for the situation where racoon acts as a VPN client
Flush SA and generated SP on DPD timeout and deletion payloads

all SA -> all SAs.

branches: 1.1.1;
Initial revision

Migrate ipsec-tools CVS to cvs.netbsd.org

Update ipsec-tools to 0.6.1rc1
Most of the changes since 0.6b4 have already been committed to the NetBSD
tree. This upgrade fixes some IPcomp and NAT-T related problems that were
left unadressed in the NetBSD tree.

branches: 1.1.1.2.2;
Import ipsec-tools 0.6 branch as of 2005/02/23. News from last imported version
according to ipsec-tools' ChangeLog:

2005-02-23 Emmanuel Dreyfus <manu@netbsd.org>

* configure.ac, src/racoon/{Makefile.am|crypto_openssl.c}: optionnal
support for patented algorithms: IDEA and RC5.
* src/racoon/{isakmp_xauth.c|main.c}: don't initialize RADIUS if it
is not required in the configuration
* src/racoon/isakmp.c: do not reject addresses for which kernel
refused UDP encapsulation, they can still be used for non NAT-T
traffic (eg: NAT-T enabled racoon on non NAT-T enabled kernel)

2005-02-18 Emmanuel Dreyfus <manu@netbsd.org>

* src/racoon/{main.c|eaytest.c|plairsa-gen.c}
src/setkey/setkey.c: don't use fuzzy paths for package_version.h

2005-02-18 Yvan Vanhullebus <vanhu@free.fr>

* src/racoon/isakmp_inf.c: Purge generated SPDs when getting a
related DELETE_SA
* src/racoon/pfkey.c: do NOT unbindph12() when SA acquire

2005-02-17 Emmanuel Dreyfus <manu@netbsd.org>

From Fred Senault <fred.letter@lacave.net>
* src/racoon/remoteconf.c: Fix a bug in script init

2005-02-17 Yvan Vanhullebus <vanhu@free.fr>

* src/racoon/ipsec_doi.c: Workaround for phase1 lifetime checks

2005-02-15 Michal Ludvig <michal@logix.cz>

* configure.ac: Changed --enable-natt_NN to --enable-natt-versions=NN,NN

Import ipsec-tools (tag ipsec-tools-0_6-base in ipsec-tools CVS)
ipsec-tools is a fork from KAME racoon/libipsec/setkey, with many
enhancements.

Apply patch (requested by manu in ticket #981):
Update ipsec-tools to version 0.6.3.

Apply patch (requested by tron in ticket #741):
Update ipsec-tools to version 0.6.1.

Pull up revision 1.4 (requested by manu in ticket #581):
Don't use adminport when it is disabled

Pull up revision 1.3 (requested by manu in ticket #277):
More NAT-T fixes for the situation where racoon acts as a VPN client
Flush SA and generated SP on DPD timeout and deletion payloads

Originally from Bin Li: Fix a crash with racoonctl logout user.

Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.

use a single PATH_IPSEC_H to fix some path_to_ipsec.h issues

Sync with netbsd-4.

Sync w/ NetBSD-4-RC_1

Upgrade ipsec-tools to release 0.7.1 (requested by manu in ticket #1183).

branches: 1.17.2.1.2;
Pull up following revision(s) (requested by manu in ticket #830):

Import ipsec-tools 0.7

Upgrade ipsec-tools to release 0.7.1 (requested by manu in ticket #1183).

use a single PATH_IPSEC_H to fix some path_to_ipsec.h issues

file admin.c was added on branch matt-mips64 on 2007-07-18 12:07:52 +0000

sync with head.

sync with HEAD

Sync with wrstuden-revivesa-base-2.

Sync w/ -current. 34 merge conflicts to follow.

Apply patch (requested by manu/spz in #378):
Downgrade ipsec-tools to 0.7.1nb1.

Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html

resync from head

sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")

From Alexander Sbitnev <alexander.sbitnev@gmail.com>: fix admin port
establish-sa for tunnel mode SAs.